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DETAILED ACTION 
Claim Rejections - 35 USC § 102 

1. The following is a quotation of the appropriate paragraphs of 35 
U.S.C. 102 that form the basis for the rejections under this section made in this Office 
action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

2. Claims 1, 2, and 5-19 are rejected under 35 U.S.C. 102(e) as being 
anticipated by Murphy (US 6,226,744 B1). 

a. Referring to claim 1: 
I. Murphy teaches: 

(1) a communications network in operative 
communication with said smart card terminal [i.e., Figure 1, a smart card 10 is 
inserted into a smart card reader 12, which is inserted into a 3.5" floppy disk drive 
of a client terminal, wherein the terminal having a network connection or modem 
connection to WWW 16 ( column 4, line 33-40)]; and 

(2) a central data base server in operative 
communication with said communication network [i.e., client terminal 14 is in 
communication with a secure gateway server 18, a secure server 22, and an 
administrative server 24 via WWW 16 (column 4, line 44-46)], said central database 
server including: 

(a) a plurality of partitioned memory locations [i.e., 
Figure 2, main memory 24 may be any type of machine readable storage device, 
such as RAM, ROM, PROM, and EEPROM (column 5, line 8-13)], wherein 

(b) at least one of said memory locations contains 
information associated with an authorized user of said smart card [i.e., secure gateway 
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server 18 includes a main memory module, performing read and write information 
(that is "information associated with an authorized user") to smart card (column 
6, line 18-19)], 

(c) said information being accessible by said smart 
card terminal via data pointers contained within said smart card [i.e., information from 
the card is accessed using the program and a PIN, and is compared with server 
information (column 4, line 23-25)]. 

b. Referring to claim 2 which depends on claim 1: 
i. Murphy further teaches: 

(1) a central time/date authority in operative 
communication with said communications network [i.e.. Figure 2, an authentication 
module resides within the secure gateway server which is in communication with 
network via WWW 16 (column 4, line 44-46 and line 60)], 

(a) said central time/date authority providing a time 
verification associated with said information transmitted between said central database 
server and said smart card terminal [i.e., authentication information was stored in 
database 26 by the same CA (Certified Authority) that issued smart card 10 to 
user (column 6, line 34-37). Any type of user data (that is "a time verification") 
can be used and still fall within the scope of the invention (column 14, line 65- 
66)]. 

c. Referring to claim 5 which depends on claim 1: 
i , Murphy further teaches: 

(1) communications network includes the Internet [i.e., 
such networks are the Internet (column 1, line 60-61)]. 

d. Referring to claim 6 which depends on claim 1: 
i. Murphy further teaches: 

(1) central database server comprises a network smart 
card server and a plurality of interconnected database servers [i.e., Figure 1, servers 
18, 20, 22, and 24 (column 4, line 47-48)]. 

e. Referring to claims land 8: 



Application/Control Number: 09/420,877 Page 4 

Art Unit: 2135 

i. Murphy further teaches: 

(1) at least one of said plurality of partitioned nnemory 
locations includes a restricted data portion containing information regarding said 
authorized user accessible to a first predetermined group of network users [i.e., 
whenever a user desires to access restricted information stored at various 
servers protected by secure gateway server 18, the user only has to be 
authenticated once, then accesses a server having restricted information (column 
6, line 58-63)], and 

(2) a public data portion containing information regarding 
said authorized user accessible to a second predetermined group of network users [I.e., 
a user was not limited to the information stored on their own computer, but could 
gain access to Information stored on hundreds, even thousands, of individual 
computers linked together by a single network (column 1, line 57-60)]. 

f. Referrino to claim 9 which depends on claim 7: 
i. Murphy further teaches: 

(1) each of said plurality of partitioned memory locations 
supports a different smart card application [i.e., such as tickets, certificates, 
public/private key, and so forth (column 7, line 28-29)]. 

g. Refem'na to claim 1 0: 

1. Murphy teaches: 

(1) providing at least one smart card terminal for 
connection with a smart card [i.e., Figure 1, a smart card 10 is Inserted into a smart 
card reader 12, which Is inserted into a 3.5" floppy disk drive of a client terminal 
(column 4, line 33-37)]; 

(2) selecting a desired authorized application for said 
smart card transaction [I.e., the specific data being stored and retrieved from the 
smart card In this example of a smart card interface module is in the form a user's 
social security number (SSN) for use in authenticating the user. It can be 
appreciated, however, that any type of data could be stored or retrieved from the 
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smart card, such as tickets, certificates, public/private keys, and so forth, 
(column 7, line 22-28)]; 

(3) transmitting through a communications network at 
least an authorization code associated with said smart card to a network smart card 
server [i.e., information from the card is accessed using the program and a PIN or 
an access code, and is compared with server information (column 4, line 23-25)], 

(4) said network smart card server including a plurality of 
partitioned memory locations [I.e., Figure 2, main memory 24 may be any type of 
machine readable storage device, such as RAM, ROM, PROM, and EEPROM 
(column 5, line 8-13)], 

(5) said authorization code providing a data pointer 
pointing to information relating to said authorized user contained in at least one of said 
plurality of partitioned memory location [i.e., authentication information (that is 
"information relating to said authorized user") was stored in database 26 by the 
same CA (Certified Authority), such as tokens, digital signatures, certificates, 
etc., that issued smart card 10 to user ( column 5, line 54-57 and column 6, line 
34-37)]; and 

(6) transmitting said information through said 
communications network to said smart card terminal [i.e., authentication module 32 
uses the smart card interface module and the PIN to access and read/write user 
information from/to smart card 10 via WWW 16 (column 6, line 29-32)]. 

h. Referring to claim 11 which depends on claim 10: 
i. Murphy further teaches: 

(1 ) modifying said information at said smart card terminal, 
re-transmitting said modified information to said network smart card server, and storing 
said modified information in said at least one of said plurality of partitioned memory 
locations [i.e.. Figure 1, a situation may arise where a user may want to 
access/change user information on smart card, the administrative module allows 
a user to verify and change a PIN. Any user modifications made at administrative 
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server 24 are replicated to user's authentication profile stored in database 26 
(column 7, line 5-10)]. 

i. Referring to claim 12 which depends on claim 10: 

i. This claim has limitations that is similar to those of claim 2, 
thus it is rejected with the same rationale applied against claim 2 above. 

j. Referring to claim 13 which depends on claim 10: 

1. This claim has limitations that is similar to those of claim 1 1 , 
thus it is rejected with the same rationale applied against claim 1 1 above, 
k. Referring to claim 14: 
i. Murphy teaches: 

(1) a first plurality of partitioned memory locations 
containing information relating to an authorized user of a smart card [i.e., read only 
memory (ROM) (column 5, line 9-10)]; 

(2) a second plurality of partitioned memory locations 
containing further information of said authorized user [i.e., random access memory 
(RAM) (column 5, line 8)]; and 

(3) a microprocessor programmed to received an 
authorization code associated with said smart card, said authorization code 
representing a data pointer for pointing to said authorized user's information contained 
within a memory location within said first or second plurality of partitioned memory 
locations [i.e., Figure 2, the overall functioning of secure gateway server is 
controlled by a central processing unit (CPU) 26, which operates under the 
control of executed computer program instructions that are stored in main 
memory (column 4, line 66-67 and column 5, line 1-2). Bus adapter 30 is used for 
transferring data back and forth between CPU/memory bus and I/O bus (column 
5, line 37-38)]. 

I. Referring to claim 15 which depends on claim 14: 
i . Murphy further teaches: 

(1) first plurality of partitioned memory locations 
represents public data associated with said smart card transaction [i.e., a user was not 
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limited to the information stored on tlieir own computer, but could gain access to 
information stored on hundreds, even thousands, of individual computers linked 
together by a single network (column 1, line 57-60)]. 

m. Referring to claim 16 which depends on claim 15: 
i. Murphy further teaches: 

(1) second plurality of partitioned nnennory locations 
represents restricted data associated with said smart card transaction [i.e., whenever a 
user desires to access restricted information stored at various servers protected 
by secure gateway server 18, the user only has to be authenticated once, then 
accesses a server having restricted information (column 6, line 58-63)]. 
n. Referring to claim 17 which depends on claim 14: 
1 . Murphy further teaches: 

(1) first and second plurality of partitioned nnennory 
locations contain information corresponding to a smart card application [i.e., secure 
gateway server 18 includes a main memory module (such as RAM, ROM, PROM, 
EPROM, EEPROM), performing read and write information to smart card, (column 
6, line 18-19)], 

0. Referring to claim 18 which depends on claim 14: 
\ . Murphy further teaches: 

(1) one of said first plurality of partitioned memory 
locations is located on a separate database server accessible through a communication 
network [i.e.. Figure 1, Secure gateway server 18 is in communication with WWW 
16, whereas database 26 could be stored on server 18 as well (column 4, line 54)]. 
p. Referring to claim 19 which depends on claim 18: 

i. This claim has limitations that is similar to those of claim 5, 
thus it is rejected with the same rationale applied against claim 5 above. 

Claim Rejections - 35 (JSC § 103 
3. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for 
all obviousness rejections set forth in this Office action: 
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(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

4. Claims 3 and 4 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Murphy, and further in view of Barlow (US 6, 038, 551 ). 

k. Referring to claims 3 and 4 which depend on claim 1: 

i. Murphy teaches the claimed subject matter except for: 

(1) communications network is part of a public-switched 

telephone network. 

(2) communications network communicates with smart 
card terminal via the plain old telephone system (POTS). 

ii. However, Barlow teaches: 

(1) Figure 1, the network 22 can also be implemented as 
a telephone network, or an interactive television network, or any other form for linking 
the computer 12 to an external source of information (column 7, line 24-28). 

iii. It would have been obvious to a person having ordinary skill 
in the art at the time the invention was made to: 

(1) include such telephone network or any other form of 
network connection (such as Figure 1, WWW 16 of Murphy) providing the electronic 
transactions a wide range of choices over the network connection as in Barlow (column 
7, line 18-28). 

vi. The ordinary skilled person would have been motivated to: 
(1) add additional telephone network or any other form of 
network connection (such as Figure 1, WWW 16 of Murphy) because it is a common 
practice in the art to include a wide range of choices over the network communications 
with secure electronic transactions in multiple different environment (column 4, line 60- 
62 of Barlow). 

b. Referring to claim 20 which depends on claim 18: 



Application/Control Number: 09/420,877 
Art Unit: 2135 



Page 9 



i. This claim has limitations that is similar to those of claim 3, 
thus it is rejected with the same rationale applied against claim 3 above. 

Response to Argument 

5. Applicant's arguments filed January 02, 2004 have been fully considered 
but they are not persuasive. 

Applicant argues that: 

'The Murphy system is not concerned with centralizing a user's 
information or storing such information somewhere other than the user's smart card." 
Examiner maintains that: 

Secure gateway server 18 is in communication with servers 20. Servers 
18, 22 and 24 are in communication with a database 26, that is for centralizing a user's 
information. In Murphy's invention, database 26 is a relational database stored on a 
database computer external to servers 18, 20, 22 and 24. It can be appreciated, 
however, that database 26 could be stored on servers 18, 20, 22 or 24 and still fall 
within the scope of the invention (column 4, lines 49-55). Furthermore, authentication 
module 32 then retrieves authentication information from database 26 at step 64. In 
Murphy's invention, the authentication information was stored in database 26 by the 
same CA that issued smart card 10 to the user (column 6, lines 32-36). 

Applicant argues that: 

"The Murphy reference does not disclose partitioned memory locations 
wherein at least one of said memory locations contains information associated with an 
authorized user of the smart card". 

Examiner maintains that: 

See explanation under Claim Rejections - 35 USC § 102. 
Applicant argues that: 

"In other words, the present invention concerns smart card use post- 
authohzation, whereas the Murphy reference concerns the authorization process for 
using a smart card". 

Examiner argues that: 
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The term "post-authorization" that the applicant addressed here in the 
remarks does not even address in the claimed language. 
Applicant argues that: 

"With regard to the obviousness rejection of claims 3 and 4, Applicants 
submit that the combination of Murphy and Barlow would not render obvious Applicants' 
claimed invention because those references, either alone or in combination, do not 
disclose or suggest all of the claimed features of Applicants' invention including a 
central database server having a plurality of partitioned memory locations containing 
information associated with an authorized user of the smart card". 

Examiner maintains that: 

A sufficient reason of combining has been given in the rejection: add 
additional telephone network or any other form of network connection (such as Figure 1 , 
WWW 16 of Murphy) because it is a common practice in the art to include a wide range 
of choices over the network communications with secure electronic transactions in 
multiple different environment (column 4, line 60-62 of Barlow). 

Conclusion 

6. Applicant's amendment necessitated the new ground(s) of rejection 
presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See 
MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 
37 CFR 1.136(a). 

a. Timson et al (US 6, 041 , 412) discloses an apparatus and a method 
for providing access to a secured data or area includes at least two secure data 
modules which contain security data and other information and which belong to a 
particular security scheme and a dual module reader for reading data and permissions 
instructions contained on the secure data modules (see abstract). 

A shortened statutory period for reply to this final action is set to expire 
THREE MONTHS from the mailing date of this action. In the event a first reply is filed 
within TWO MONTHS of the mailing date of this final action and the advisory action is 
not mailed until after the end of the THREE-MONTH shortened statutory period, then 
the shortened statutory period will expire on the date the advisory action is mailed, and 
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any extension fee pursuant to 37 CFR 1 .136(a) will be calculated from the mailing date 
of the advisory action. In no event, however, will the statutory period for reply expire 
later than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from 
the examiner should be directed to Thanhnga (Tanya) Truong whose telephone number 
is 703-305-0327. 

If attempts to reach the examiner by telephone are unsuccessful, the 
examiner's supervisor, Kim Vu can be reached on 703-305-4393. The fax and phone 
numbers for the organization where this application or proceeding is assigned is 703- 
872-9306. 

Any inquiry of a general nature or relating to the status of this application 
or proceeding should be directed to the receptionist whose telephone number is 703- 
305-3900. I\ 
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